Suspected Rattlesnake organization uses Nim backdoor to spy on intelligence from many countries in South Asia
WHITE AlienVault 2023-11-20 Modified: 2023-11-20
23 IOCs
MEDIUM VOLUME
Rattlesnake, also known as Sidewinder, is tracked internally by QiAnXin as APT-Q-39. The organization is generally believed to have a background in South Asia and was disclosed by domestic and foreign security vendors in 2018. Its earliest attack activities can be traced back to 2012. Its targets are generally government and military departments in China and many South Asian countries. Some of its attacks also involve universities and scientific research institutions.
Indicators of Compromise (6 / 23 total)